Category FILE
Started On 2014-07-03 02:45:57
Completed On 2014-07-03 02:47:55
Duration 118 seconds
Cuckoo Version 1.2-dev

Machine machine4
Label xpmachine4
Manager VirtualBox
Started On 2014-07-03 02:45:58
Shutdown On 2014-07-03 02:47:54

File Details

File name order_id_467832647826378462387462837.exe
File size 121856 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 1CAB4C63
MD5 e8c04680e8de526d94e80943e6084a14
SHA1 1736de57211797073614e41e0735b36ae8582909
SHA256 cccc216519c6671fbc7027e4592eb79b714fa2eafc7f02bc1e43450e7dda62be
SHA512 23d7ccd98ef81e53300d49c8ecfccd1e80db91c6caee0ce205b6cbc32fb100cc8d9b578baf7563c04adfdf2223d3acc7b85cb526013b5857c3a516a0b36b9b30
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Permalink
VirusTotal Scan Date: 2014-07-03 06:29:54
Detection Rate: 3/54

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
Installs itself for autorun at Windows startup

Screenshots

Static Analysis

Version Infos

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\
Mutexes Nothing to display.
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes


order_id_467832647826378462387462837.exe PID: 972, Parent PID: 428

Volatility

Nothing to display.